{"description": "Mobile techniques used by CHEMISTGAMES, ATT&CK software S0555 (v1.0)", "name": "CHEMISTGAMES (S0555)", "domain": "mobile-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T1437", "showSubtechniques": true}, {"techniqueID": "T1437.001", "comment": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has used HTTPS for C2 communication.(Citation: CYBERWARCON CHEMISTGAMES)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1623", "showSubtechniques": true}, {"techniqueID": "T1623.001", "comment": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) can run bash commands.(Citation: CYBERWARCON CHEMISTGAMES)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1533", "comment": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) can collect files from the filesystem and account information from Google Chrome.(Citation: CYBERWARCON CHEMISTGAMES)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1407", "comment": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) can download new modules while running.(Citation: CYBERWARCON CHEMISTGAMES)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1521", "showSubtechniques": true}, {"techniqueID": "T1521.002", "comment": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has used HTTPS for C2 communication.(Citation: CYBERWARCON CHEMISTGAMES) ", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1430", "comment": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has collected the device\u2019s location.(Citation: CYBERWARCON CHEMISTGAMES)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1655", "showSubtechniques": true}, {"techniqueID": "T1655.001", "comment": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has masqueraded as popular South Korean applications.(Citation: CYBERWARCON CHEMISTGAMES)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1575", "comment": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has utilized native code to decrypt its malicious payload.(Citation: CYBERWARCON CHEMISTGAMES)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1406", "comment": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has encrypted its DEX payload.(Citation: CYBERWARCON CHEMISTGAMES)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1474", "showSubtechniques": true}, {"techniqueID": "T1474.003", "comment": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has been distributed as updates to legitimate applications. This was accomplished by compromising legitimate app developers, and subsequently gaining access to their Google Play Store developer account.(Citation: CYBERWARCON CHEMISTGAMES)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1426", "comment": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has fingerprinted devices to uniquely identify them.(Citation: CYBERWARCON CHEMISTGAMES)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by CHEMISTGAMES", "color": "#66b1ff"}]}